I think we should remove it.
Also, I revised the e.g. as follows
... undesirable and security relevant effects, such as overwriting of
startup or system files.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 27, 2009, at 2:00 PM, ext Hillebrand, Rainer wrote:
Dear Frederick,
I added my comments inline.
Best Regards,
Rainer
T-Mobile International
Terminal Technology
Rainer Hillebrand
Head of Terminal Security
-----Original Message-----
From: Frederick Hirsch [mailto:frederick.hir...@nokia.com]
Sent: Freitag, 27. März 2009 18:55
To: Hillebrand, Rainer
Cc: Frederick Hirsch; marc...@opera.com; WebApps WG
Subject: Re: [BONDI Architecture & Security] [widgets] new digsig draft
comments inline, thanks for reviewing this
regards, Frederick
Frederick Hirsch
Nokia
On Mar 27, 2009, at 1:26 PM, ext Hillebrand, Rainer wrote:
3. Section 7.3: "The set of acceptable trust anchors, and policy
decisions based on the signer's identity are established through a
security-critical out-of-band mechanism." I do not really understand
this sentence. This is not subject for the processing rules, isn't
it? What is an acceptable trust anchor? Are they really established
or may they be established?
knowing whom you can trust and how to establish that trust is out of
scope.
RH: Would you like to keep this sentence or delete it? I wonder
whether we need to mention the potential use of the KeyInfo which is
out-of-scope anyhow.